2010-06 - WHOIS Policy

PDF version

Policy No: 2010-06
Publication Date: 20/12/2010
Status: Replaced by Policy No 2014-07

1. BACKGROUND

1.1 This document sets out auDA's policy on the collection, disclosure and use of WHOIS data in the open 2LDs (asn.au, com.au, id.au, net.au, org.au) and the community geographic 2LDs (act.au, qld.au, nsw.au, nt.au, sa.au, tas.au, vic,au, wa.au).

1.2 auDA's Registry Licence Agreement and Registrar Agreement impose certain conditions on the registry operator and registrars in relation to the collection and use of WHOIS data. This policy operates to clarify some of those conditions.

2. WHOIS POLICY PRINCIPLES

2.1 The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant. The WHOIS service is provided by the registry via a web-based tool and Port 43.

2.2 auDA has drafted this policy with the aim of striking an acceptable balance between:

a) the rights of registrants, under Australian law, in relation to how their personal information is handled;

b) the role of auDA to promote a competitive and efficient domain name industry; and
c) the interests of law enforcement agencies in accessing information about domain names for consumer protection and other public interest purposes.

3. COLLECTION OF WHOIS DATA

3.1 Data about each domain name registration is collected from the registrant by the registrar, and submitted to the registry in accordance with the procedural requirements of the registry. The WHOIS service displays a subset of the full registry data for each domain name (known as the "WHOIS data").

3.2 Under the Registrar Agreement, and in accordance with Australian privacy legislation, registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.

3.3 Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.   

3.4  In order to maintain the integrity of the WHOIS database, registrants are required to notify their registrar of any changes to WHOIS data for their domain name(s) and the registrar must update the WHOIS database on receipt of new information from the registrant.

4. DISCLOSURE OF WHOIS DATA

4.1 The table in Schedule A lists the data fields that will be disclosed on the WHOIS service (web-based and Port 43) for all domain names in the open 2LDs.

4.2 In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed.

4.3 It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.

4.4 To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented Image Verification Check (IVC) on the web-based WHOIS service. The purpose of IVC is to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS responses; users of Port 43 WHOIS will be referred to the web-based WHOIS service to access email addresses via IVC.

4.5 In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service.

4.6 A request may be made to auDA for the creation date of a particular domain name or domain names, for the purpose of establishing rights in connection with a proposed claim under the .au Dispute Resolution Policy or other court proceeding. The request for domain name creation date form is available on the auDA website.

4.7 Registrants who wish to check the creation, renewal or expiry date of their own domain name can do so through their registrar or reseller.

5. USE OF WHOIS DATA

5.1 In the interests of protecting the privacy of registrants, the following activities are strictly prohibited:

a) use of WHOIS data to support an automated electronic query process; and

b) bulk access to WHOIS data (ie. where a user is able to access WHOIS data other than by sending individual queries to the database).

5.2 In order to prevent the abuses listed in paragraph 5.1, auDA will impose restrictions on the number of queries that a user can send to WHOIS (web-based or Port 43). The level of restriction will be clearly displayed on the WHOIS website. auDA may vary the restriction at any time.

5.3 auDA recognises that it may be necessary for law enforcement agencies to access the full record of a particular domain name or names as part of an official investigation. auDA will deal with requests from law enforcement agencies on a case-by-case basis.

SCHEDULE A

WHOIS FIELDS FOR .AU OPEN SECOND LEVEL DOMAINS

 Field Name  Field Description
 Domain Name  Registered domain name
 Last Modified  Date the domain name record was last modified
 Registrar ID  Registry code used to identify the registrar of record
 Registrar Name  Name of the registrar of record
 Status  Status of the domain name (eg. "OK," "pendingTransfer," "pendingDelete")
 
 Registrant  Legal name of the registrant entity (eg. company name)
 Registrant ID  ID number associated with the registrant entity, if any (eg. ACN for company)
 
 Eligibility Type  Registrant's eligibility type (eg. "Company")
 Eligibility Name  Name used by the registrant to establish eligibility, if different from their
 own legal name (eg. registered business name or trademark)
 Eligibility ID  ID number associated with the name used by the registrant to establish
 eligibility (eg. BN for registered business name, TM number for
 registered trademark)
 
 Registrant ROID  Registry code used to identify the registrant
 Registrant Contact Name  Name of a contact person for the registrant
 Registrant Email  Contact email address for the registrant
 
 Tech ID  Registry code used to identify the technical contact
 Tech Name  Name of a technical contact for the domain name (eg. registrar, reseller,
 webhost or ISP)
 Tech Email  Contact email address for the technical contact
 
 Name Server  Name of computer used to resolve the domain name to Internet Protocol (IP)
 numbers (minimum of 2 name servers must be listed)